Re: Can Exploit-ANIfile.c infect JPG files?

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:%23jrgcytgHHA.4140@xxxxxxxxxxxxxxxxxxxxxxx
From: "Russell L. Smith" <r dot l dot smith at caci dot com>

| A recent VirusScan log showed that VirusScan found a JPG file on my web
site
| infected with Exploit-ANIfile.c (Trojan). I read the Microsoft security
| bulletin, the info on the McAfee site, and searched the net - I can find
no
| mention of this virus infecting JPG files. Can anybody point me to
| documentation that mentions this virus infecting JPG files? Thanks for
your
| assistance.


It isn't a JPG file. Exploits don't "infect". I don't need to point to
you to ANY
documentation. I have seen many web sites alreadt using files named *.JPG
that are
ANI-Exploit files. I bet the JPG file is less then 2KB and most likely
between .5KB and
1KB in size.

If a JPG was was found on YOUR web site that had the "Exploit-ANIfile.c"
then most likely
your web site has been hacked, the JPG was placed there and there is a
HTML file with a
Javascipt or someother script being using to infect computers that access
your web site.

You web server needs to be removed from the internet, the system
thoroughly scanned and
all vulnerabilities that led to teh systenm being hacked mitigated ASAP !

Thanks for the response. I think you are saying some vulnerability with the
server allowed the JPG to replaced with a malicious ANI masquerading as a
JPG. I am trying to figure out the sequence of events. The server was
started after a scheduled building power outage. A developer coincidentally
noticed less than 24 hours later that the VirusScan on-access scanner was
disabled. I have noticed this very occasionally happens on restart with
some of my internal development servers. The server was immediately pulled
off line and fully scanned (VirusScan plus tools used our security group to
check ports, vulnerabilities, patches, etc.). That was when VirusScan
reported this JPG with Exploit-ANIfile.c. The log states the file was
deleted so I don't know if we still have it in quarantine. I am scheduled
to meet with the developer when he returns from a trip to get more details.
At this point I have no idea how the "fake" JPG got there, and that is
obviously important.


.

Relevant Pages

  • Re: Error opening .jpg files in a TS outllok session
    ... still getting the exact same message when I try to double click a .jpg ... > user attempts to open a .jpg file attachment from their Outlook ... if they save the attachment to their Terminal Server session ... > Does anybody have any ideas as to why one cannot launch the ...
    (microsoft.public.win2000.termserv.clients)
  • Re: Cannot play jpegs (pics)
    ... The 5MB is the size of the jpg file, ... The primary reason is that I have integrated my XBOX 360 into my network. ... But enough with the semantics - the fact remains that Windows Media Player ...
    (microsoft.public.multimedia.windows.mediaplayer)
  • Re: RAW dynamic range vs out of camera JPG dynamic range
    ... the highlight and shadow detail is there as I can manually process a RAW file to recover either or both these by adjusting the exposure/recovery/fill light/curves etc. in Photoshop RAW into two image files then combining these in PS to recover the maximum dynamic range of the image. ... if I save the final image as an eight bit JPG file the dynamic range I've achieved remains. ... He maintains that there is very little difference in the dynamic range between an Olympus RAW file and an out of camera JPG file, so is it just because the algorithms used to do the JPG processing in other brands aren't up to it or is there some other reason? ...
    (alt.photography)
  • Re: Unable to view JPEG attachments in Outlook Express
    ... It happens to all e-mails that have jpegs attached. ... > You had a file association problem with JPG files. ... >> I click on the paper clip icon then I double click on the JPG file. ...
    (microsoft.public.windowsxp.general)